Privacy Policy

This Privacy Policy (hereinafter referred to as the Policy) has been developed by JSC Positive Technologies (hereinafter referred to as the Company) in accordance with the Federal Law on Personal Data (No. 152-FZ) dated July 27, 2006 (hereinafter referred to as the Law) and other regulations on personal data.

The Policy is developed and used jointly with the Consent to Personal Data Processing of Website users.

1. General provisions

This document determines the Company's privacy policy. It is placed at: https://www.phdays.com/en/privacy-policy/. The Company provides unlimited access to the Policy to any person or entity addressing the Company in person.

The Policy is primarily aimed at protecting human and civil rights and freedoms during personal data processing, including protection of the right to privacy, to personal and family secret, and strict observance of the Russian legislation on personal data.

1.3. The Policy is applicable to all personal data of individuals, which are processed by the Company both automatically and manually, as well as to any processes related to personal data processing. Such processes may include (but not limited to) collection, recording, arrangement, accumulation, storage, specification (updating, changing), electronic copying, extraction, use, transfer (distribution, provision, access), anonymizing, blocking, deletion, and destruction of personal data.

The Company is entitled to amend the Policy, as required. The Policy shall be reviewed in case of substantial changes to the international or national legislation on personal data.

The Company does not verify reliability of individuals' personal data or their legal capacity. Such individuals shall guarantee that their personal data are reliable, accurate, and comply with the legislation of Russian Federation.

2. Status of the Company and individuals

The Company is the personal data operator regarding information pertaining to individuals (hereinafter referred to as Personal Data Owners, or the Personal Data Owner) using the website www.phdays.com/en/ (hereinafter referred to as the Website) and participating in events held by the Company.

3. Purposes of personal data processing

The Company implements processes related to personal data processing in cases specified in this section and for the following purposes:

When accessing the Website — for the purpose of proper fulfillment of the Company's obligations to Personal Data Owners, when accessing the Website, and in any other related cases. By using the Website, the Personal Data Owner unconditionally agrees to this Policy and personal data processing terms specified therein. In the event that the Personal Data Owner disagrees with this Policy, the use of the Website must be stopped immediately

When participating in events held by the Company or when carrying out any actions related to such events — for the purpose of registering for such events, reviewing any related applications, as well as acquiring travel tickets and arranging accommodation in cases envisaged by Participation Rules. By participating in events held by the Company or performing any related actions, the Personal Data Owner unconditionally agrees to this Policy and personal data processing terms specified therein. In the event that the Personal Data Owner disagrees with this Policy, participation in any events must be stopped immediately.

When contacting the Personal Data Owner — for the purpose of timely communication with Personal Data Owners, who have transferred their personal data to the Company, and providing them with any necessary reliable and complete information related to the Company's business. This includes (but not limited to) providing information about the Website and services, distribution of information about the Website and services, events and promotions organized by the Company and/or duly authorized third parties. For communication with the Personal Data Owner, the Company is entitled to use their phone number and/or email address.

When obtaining feedback from the Personal Data Owner for the following purposes:

To obtain information regarding loyalty and satisfaction with the Website and services. To analyze and process such information.

To perform analysis for improving the Website and services.

To carry out various types of research.

When protecting Personal Data Owners — for the purpose of ensuring proper operation and security of Websites, confirming any actions implemented by the Personal Data Owner, for actions aimed to prevent fraud, cyberattacks, and other malicious actions, and for investigation of such cases.

4. List of personal data subject to consent for processing

Personal data pertaining to the Personal Data Owner:

General personal data: last name, first name, middle name, passport details, email address, phone number, a country and city of residence, educational background, job position, the corporate name of the employer, information about professional achievements, speeches, and publications

Any other information processed by the Company:

Information on technical equipment (devices): IP address, type of the operating system, type of the device (a personal computer, mobile phone, tablet), type of the browser, geographic location, the fact of filling in a web form, the Internet provider

Information that is automatically obtained when accessing the Website, including websites using cookies

Information obtained as a result of the Personal Data Owner's actions, including data on comments, queries, feedback, and questions

5. Principles of personal data processing

Personal data processing is performed according to the following principles:

Legal and equitable basis for personal data processing.

Personal data are to be processed in accordance with precise, prior determined, and legitimate purposes.

Preventing the combination of personal data that are processed for incompatible purposes.

There should be processed only personal data that comply with the purposes of their processing.

The content and scope of personal data are to be in line with processing purposes.

Personal data are to be accurate, sufficient, up-to-date, and reliable.

Legitimacy of technical measures aimed at personal data processing.

Personal data are to be processed in a reasonable and justified way.

Personal data are to be kept in the form allowing to identify the Personal Data Owner for a period not exceeding the one required for processing purposes or for a period of the Personal Data Owner's consent to personal data processing.

Personal data being processed are to be destroyed or depersonalized without delay after achieving the purpose of processing or if processing is not required any longer.

Personal data processing

Personal data collection.Personal data are collected in the following ways:

Personal data are provided by Personal Data Owners by sending messages to the Company's email address specified on the Website, including applications for participation in the Company's events.

Data regarding the Personal Data Ownerare collected automatically by means of technologies and services: web protocols, cookie files, and web marks that are launched only when the Personal Data Owner fills in their personal data.

Personal data are submitted by Personal Data Owners in the written form, including via means of communication.

Storage and use of personal data.

Personal data of the Personal Data Owner shall be stored solely on duly protected media, including digital media, and may be processed both with and without automation equipment.

By means of automated processing of Personal Data Owners' personal data, the Company ensures keeping the data bases on the territory of Russia.

Transfer of personal data.

The Company shall not transfer personal data to third parties, including (but not limited to) consultants, partners, contract executors, contractors, and agents (hereinafter referred to as Consultants) without the consent from the Personal Data Owner unless such transfer is implemented to ensure compliance with the legislation of the Russian Federation, prevent and preclusion the Personal Data Owner's illegal actions, and protect legitimate interests of the Company and third parties.

Personal data will be transferred to Consultants for achieving the goals above on the basis of a contract with each Consultant. Consultants undertake to use personal data solely in accordance with the Policy, for achieving the goals above, and for rendering contractual services.Should the Personal Data Owner transfer their personal data to third parties, including Consultants (for example, on Consultants' website) in connection with participation in events or carrying out certain actions in relation to such events, such transfer shall be regulated by the third parties.

Destruction of personal data.The Company will destroy personal data of the Personal Data Owner in the following cases:

Personal data under processing that pertain to the Personal Data Owner, the source of obtaining the same unless otherwise provided by the legislation of the Russian Federation

The period of personal data processing, including the storage period

Procedures for exercising the rights under the legislation of the Russian Federation

Any facts of implemented or intended cross-border transfer of personal data

Individuals or entities to which personal data may be disclosed under a contract with the Company or under the Russian legislation

Corporate name or last name, first name, middle name of an entity or individual processing personal data on behalf of the Company if the Company has instructed them to process personal data or intends to do so

Any other information provided for by the Russian legislation

Personal Data Owners are entitled to obtain information specified in Section 7.1 of the Policy as many times as they wish by submitting the Company a relevant request according to the procedure specified in Section 12 of the Policy.

Take measures necessary and sufficient for fulfilling obligations under the Law.

Upon request of the Personal Data Owner, the Company shall verify personal data under processing, block, or delete them if they are incomplete, outdated, inaccurate, obtained illegally or unnecessary for processing purposes.

Ensure that personal data are processed legitimately. If the Company is unable to ensure legitimate processing of personal data, the Company shall, within a period not exceeding 10 (ten) business days from the date on which illegitimate processing was detected, destroy such personal data or ensure that they are destroyed.

If the Personal Data Owner revokes their consent for personal data processing, the Company shall terminate personal data processing and destroy them within a period not exceeding 30 (thirty) business days from the date on which the revocation was submitted unless such processing may be continued under the legislation of the Russian Federation.

9. Requirements for personal data protection

Personal data processed by the Company are protected by means of legal, administrative, and technical measures that are necessary and sufficient for compliance with the legislation of the Russian Federation on personal data protection.

Legal measures include:

Developing the Company's local regulations to implement requirements of the legislation of the Russian Federation in terms of processing and protection of personal data, including this Policy, which is placed at: https://www.phdays.com/en/privacy-policy/

Refusal from any means of personal data processing that are not line with purposes prior determined by the Company

Administrative measures include:

To appoint a person responsible for organizing of personal data processing.

To restrict the group of the Company's employees who have access to personal data, and to establish a relevant access granting system.

To familiarize the Company's employees with the legislationof the Russian Federation on personal data, including requirements for personal data protection, and with the Company's local regulations on personal data processing, as well as to organize relevant training for such employees.

To ensure protection of premises where personal data media are placed, and to prevent any unauthorized access to such premises.

The Company undertakes and, in case of transferring the right for processing personal data of the Personal Data Owner, shall ensure that third parties undertake to observe confidentiality of personal data of the Personal Data Owner, and not to use the same without a consent from the Personal Data Owner, except for cases specified in this Policy.

10. Transferring personal data to foreign states

Before transferring personal data abroad, the Company shall ensure that a foreign state to which the Сompany intends to transfer personal data provides adequate protection of the Personal Data Owner's rights.

Personal data can be transferred to foreign states that do not provide adequate protection of the Personal Data Owner's rights in the following cases:

There is a written consent of the Personal Data Owner to cross-border transferring of their personal data.

This is provided for under international treaties of the Russia Federation.

This is provided for under federal laws if required for protection of Russia's constitutional order, for purposes of national defense and national security, ensuring secure and sustainable operation of the transportation industry, protection of civil, public, and national interests in the transportation industry from illegal interference.

To perform a contract to which the Personal Data Owner is a party.

To protect life, health, and other vital interests of the Personal Data Owner or other persons if it is impossible to obtain a written consent from the Personal Data Owner.

11. Restrictions on the Policy

The Personal Data Owner shall be prudent and responsible in placing their personal data on the Website in public access when leaving feedback or comments.

The Company shall not be held liable for actions of third parties that have obtained access to personal data at the fault of the Personal Data Owner.

12. Queries of the Personal Data Owner

The Personal Data Owner is entitled to submit the Company queries, including those regarding the use of their personal data:

Queries in the written form shall be submitted at: 107241, Moscow, Schelkovskoe shosse, 23A.

Information regarding issuance of such ID document and issuing authority

Information confirming the Personal Data Owner's relationship with the Company

Signature of the Personal Data Owner

The Company undertakes to review such query and reply within 30 (thirty) calendar days from the date of receipt.

All information that the Company received from the Personal Data Owner (including queries both in the written and in the digital form) shall be treated as confidential and shall not be disclosed without their written consent.

Purposes of personal data processing. The Company implements processes related to personal data processing for the following purposes:

When accessing the Website — for the purpose of proper fulfillment of the Company's obligations to Personal Data Owners, when accessing the Website, and in any other related cases. By using the Website, the Personal Data Owner unconditionally agrees to this Policy and personal data processing terms specified therein. In the event that the Personal Data Owner disagrees with this Policy, the use of the Website must be stopped immediately.

When participating in events held by the Company or when carrying out any actions related to such events — for the purpose of registering for such events, reviewing any related applications, as well as acquiring travel tickets and arranging accommodation in cases envisaged by Participation Rules. By participating in events held by the Company or performing any related actions, the Personal Data Owner unconditionally agrees to this Policy and personal data processing terms specified therein. In the event that the Personal Data Owner disagrees with this Policy, participation in any events must be stopped immediately.

When contacting the Personal Data Owner — for the purpose of timely communication with Personal Data Owners, who have transferred their personal data to the Company, and providing them with any necessary reliable and complete information related to the Company's business. This includes (but not limited to) providing information about the Website and services, distribution of information about the Website and services, events and promotions organized by the Company and/or duly authorized third parties. For communication with the Personal Data Owner, the Company is entitled to use their phone number and/or email address.

When obtaining feedback from the Personal Data Owner for the following purposes:
— To obtain information regarding loyalty and satisfaction with the Website and services. To analyze and process such information.
— To perform analysis for improving the Website and services.
— To carry out various types of research.

When protecting Personal Data Owners — for the purpose of ensuring proper operation and security of Websites, confirming any actions implemented by the Personal Data Owner, for actions aimed to prevent fraud, cyberattacks, and other malicious actions, and for investigation of such cases.

List of personal data subject to consent for processing

The User's personal data:
— General personal data:
last name, first name, middle name, passport details, email address, phone number, a country and city of residence, educational background, job position, the corporate name of employer, information about professional achievements, speeches and publications. For the purpose of acquiring travel tickets and arranging accommodation in cases envisaged by Participation Rules, the Company is entitled to request passport details.

Any other information processed by the Company:
— Information on technical equipment (devices): IP address, type of the operating system, type of the device (a personal computer, mobile phone, tablet), type of the browser, geographic location, the fact of filling in a web form, the Internet provider
— Information that is automatically obtained when accessing the Website, including websites using cookies
— Information obtained as a result of the Personal Data Owner's actions, including data on comments, queries, feedback, and questions

Transfer of personal data to third parties. I hereby acknowledge and confirm that, whenever it becomes necessary to provide my personal data to any third parties for the above-mentioned purposes, or if third parties are instructed to render contractual services for the above-mentioned purposes, The Company shall be entitled to full disclosure of my personal data to such third parties, including consultants, partners, contract executors, contractors, agents, and their authorized persons, for the above-mentioned actions. I also acknowledge and confirm that I have granted this consent to any third parties mentioned above, given the terms above, and that any such third parties shall be entitled to process my personal data via the means above on the basis of this consent.

This consent shall remain valid until revoked in the written form.

I am informed and agree that this consent may be revoked by submitting to the Company a written request by certified mail with the list of attachments. In this case, personal data shall be destroyed within 30 (thirty) calendar days from the date of receiving the notification while their processing shall be terminated unless explicitly specified to the contrary by the legislation of the Russian Federation.